
APPENDIX A (Support for Specification Amendments) 

Please amend the specification as follows: 

fCOOL ICE1 DATA MANAGEMENT SYSTEM HAVING REMOTE TERMINAL 
ACCESS UTILIZING SECURITY MANAGEMENT BY TABLE PROFILING 

CROSS REFERENCE TO CO-PENDING APPLICATIONS 

U.S. Patent Application No. 09/164,759, filed October 1, 1998, and entitled, "A Common 
Gateway Which Allows Applets to Make Program Calls to OLTP Applications Executing on an 
Enterprise Server"; U.S. Patent Application No. 09/164,932, filed October 1, 1998, and entitled, 
"A Multi-Client User Customized DOM Gateway for an OLTP Enterprise Server Application"; 
U.S. Patent Application No. 09,164,908, filed October 1, 1998, and entitled, "An Automated 
Development System for Developing Applications that Interface with Both Distributed 
Component Object Model (DOM) and Enterprise Server Environments"; U.S. Patent Application 
No. 09/164,933, filed October 1, 1998, and entitled, "Providing a Modular Gateway Architecture 
Which Isolates Attributes of the Client and Server Systems into Independent Components"; U.S. 
Patent Application No. 09/164,822, filed October 1, 1998, and entitled, "Making CGI Variables 
and Cookie Information Available to an OLTP System"; U.S. Patent Application No. 
09/164,673, filed October 1, 1998, and entitled, "A Gateway for Dynamically Providing Web Site 
Status Information"; U.S. Patent Application No. 09/164,756, filed October 1, 1998, and entitled, 
"Development System for Automatically Enabling a Server Application to Execute with an 
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XATMI-complaint transaction MGR Managing Transactions within Multiple Environments"; 
U.S. Patent Application No. 09/189,053, filed November 9, 1998, and entitled, "Cool ICE Batch 
Interface"; U.S. Patent Application No. 09/189,381, filed November 9, 1998, and entitled, "Cool 
ICE Debug"; U.S. Patent Application No.09/1 88,628, filed November 9, 1998, and entitled, 
"Cool ICE Workstation Directory/File Browser"; U.S. Patent Application No. 09/188,840, filed 
November 9, 1998, and entitled, "Cool ICE Icons"; U.S. Patent Application No. 09/188,738, 
filed November 9, 1998, and entitled, "Cool ICE Service Templates"; U.S. Patent Application No. 
09/189,383, filed November 9, 1998, and entitled, "Automatic Footer Text on HTML Pages"; 
U.S. Patent Application No. 09/189,615, filed November 9, 1998, and entitled, "Availability 
Message"; U.S. Patent Application No. 09/189,611, filed November 9, 1998, and entitled, "Cool 
ICE System Settings"; U.S. Patent Application No. 09/188,807, filed November 9, 1998, and 
entitled, "Cool ICE Service Handler"; U.S. Patent Application No. 09/189,616, filed November 9, 
1998, and entitled, "Server Side Variables""; U.S. Patent Application No. 09/188,629, filed 
November 9, 1998, and entitled, "Cool ICE data Wizard"; U.S. Patent Application No. 
09/188,649, filed November 9, 1998, and entitled, "Cool ICE Column Profiling"; U.S. Patent 
Application No. 09/189,160, filed November 9, 1998, and entitled, "Cool ICE Database 
Profiling"; and U.S. Patent Application No. 09/188,725, filed November 9, 1998, and entitled, 
"Cool ICE State Management" are commonly assigned co-pending applications incorporated 
herein by reference. 
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BACKGROUND OF THE INVENTION 

1. Field of the Invention : The present invention generally relates to data base management 
systems and more particularly relates to enhancements for providing access to data base 
management systems via internet user terminals. 

2. Description of the prior art : Data base management systems are well known in the data 
processing art. Such commercial systems have been in general use for more than 20 years. One 
of the most successful data base management systems is available from Unisys Corporation and is 
called the [Classic] CLASSIC MAPPER® data base management system. The [Classic] 
CLASSIC MAPPER system can be reviewed using the [Classic] CLASSIC MAPPER User's 
Guide which may be obtained from Unisys Corporation. 

The [Classic] CLASSIC MAPPER system, which runs on proprietary hardware also 
available from Unisys Corporation, provides a way for clients to partition data bases into 
structures called filing cabinets and drawers, as a way to offer a more tangible format. The 
Mapper data base manager utilizes various predefined high-level instructions whereby the data 
base user may manipulate the data base to generate human-readable data presentations called 
"reports". The user is permitted to prepare lists of the various predefined high-level instructions 
into data base manager programs called "Mapper Runs":. Thus, users of the [Classic] CLASSIC 
MAPPER system may create, modify, and add to a given data base and also generate periodic and 
aperiodic reports using various Mapper Runs. 

However, with the [Classic] CLASSIC MAPPER system, as well as with similar 
proprietary data base management systems, the user must interface with the data base using a 
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terminal coupled directly to the proprietary system and must access and manipulate the data using 
the Mapper Run command language of [Classic] CLASSIC MAPPER. Ordinarily, that means 
that the user must either be co-located with the hardware which hosts the data base management 
system or must be coupled to that hardware through dedicated telephone, satellite, or other data 
links. Furthermore, the user usually needs to be schooled in the command language of [Classic] 
CLASSIC MAPPER (or other proprietary data base management system) to be capable of 
generating Mapper Runs. 

Since the advent of large scale, dedicated, proprietary data base management systems, the 
internet or world wide web has come into being. Unlike closed proprietary data base management 
systems, the internet has become a world wide bulletin board, permitting all to achieve nearly 
equal access using a wide variety of hardware, software, and communication protocols. Even 
though some standardization has developed, one of the important characteristics of the world 
wide web is its ability to constantly accept new and emerging techniques within a global 
framework. Many current users of the internet have utilized several generations of hardware and 
software from a wide variety of suppliers from all over the world. It is not uncommon for current 
day young children to have ready access to the world wide web and to have substantial experience 
in data access using the internet. 

Thus, the major advantage of the internet is its universality. Nearly anyone, anywhere can 
become a user. That means that virtually all persons are potentially internet users without the 
need for specialized training and/or proprietary hardware and software. One can readily see that 
providing access to a proprietary data base management system, such as [Classic] CLASSIC 
MAPPER, through the internet would yield an extremely inexpensive and universally available 
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means for accessing the data which it contains and such access would be without the need for 
considerable specialized training. 

There are two basic problems with permitting internet access to a proprietary data base. 
The first is a matter of security. Because the internet is basically a means to publish information, 
great care must be taken to avoid intentional or inadvertent access to certain data by unauthorized 
internet users. In practice this is substantially complicated by the need to provide various levels of 
authorization to internet users to take full advantage of the technique. For example, one might 
have a first level involving no special security features available to any internet user. A second 
level might be for specific customers, whereas a third level might be authorized only for 
employees. One or more fourth levels of security might be available for officers or others having 
specialized data access needs. 

Existing data base managers have security systems, of course. However, because of the 
physical security with a proprietary system, a certain degree of security is inherent in the limited 
access. On the other hand, access via the internet is virtually unlimited which makes the security 
issue much more acute. 

Current day security systems involving the world wide web involve the presentation of a 
user-id. Typically, this user-id either provides access or denies access in a binary fashion. To 
offer multiple levels of secure access using these techniques would be extraordinarily expensive 
and require the duplication of entire databases and or substantial portions thereof. In general, the 
advantages of utilizing the world wide web in this fashion to access a proprietary data base are 
directly dependent upon the accuracy and precision of the security system involved. 
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The second major problem is imposed by the internet protocol itself. One of the 
characteristics of the internet which makes it so universal is that any single transaction in HTML 
language combines a single transfer (or request) from a user coupled with a single response from 
the internet server. In general, there is no means for linking multiple transfers (or requests) and 
multiple responses. In this manner, the internet utilizes a transaction model which may be referred 
to as "stateless". This limitation ensures that the internet, its users, and its servers remain 
sufficiently independent during operation that no one entity or group of entities can unduly delay 
or "hang-up" the communications system or any of its major components. Each transmissions 
results in a termination of the transaction. Thus, there is no general purpose means to link data 
from one internet transaction to another, even though in certain specialized applications limited 
amounts of data may be coupled using "cookies" or via attaching data to a specific HTML screen. 

However, some of the most powerful data base management functions or services of 
necessity rely on coupling data from one transaction to another in dialog fashion. In fact this 
linking is of the essence of Mapper Runs which assume change of state from one command 
language statement to the next. True statelessness from a first Mapper command to the next or 
subsequent Mapper command would preclude much of the power of [Classic] CLASSIC 
MAPPER (or any other modern data base management system) as a data base management tool 
and would eliminate data base management as we now know it. 
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SUMMARY OF THE INVENTION 

The present invention overcomes the disadvantages of the prior art by providing a method 
of and apparatus for utilizing the power of a full featured data base management system by a user 
at a terminal coupled to the world wide web or internet. In order to permit any such access, the 
present invention must first provide a user interface, called a gateway, which translates transaction 
data transferred from the user over the internet in HTML format into a format from which data 
base management system commands and inputs may be generated. The gateway must also 
convert the data base management system responses and outputs into an HTML document for 
display on the user's internet terminal. Thus, as a minimum, the gateway must make these format 
and protocol conversions. In the preferred embodiment, the gateway resides in the web server 
coupled to the user via the world wide web and coupled to proprietary data base management 
system. 

To make access to a proprietary data base by internet users practical, a sophisticated 
security system is required to prevent intentional or inadvertent unauthorized access to the 
sensitive data of an organization. As discussed above, such a security system should provide 
multiple levels of access to accommodate a variety of authorized user categories. In the preferred 
embodiment of the present invention, rather than defining several levels of data classification, the 
different classes of users are managed by identifying a security profile as a portion of those service 
requests requiring access to secure data. Thus, the security profile accompanies the data/service 
to be accessed. The user simply need provide a user-id which correlates to the access permitted. 
This permits certain levels of data to be accessed by one or more of the several classes of user. 
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In the preferred mode of practicing the present invention, each user-id is correlated with a 
security profile. Upon preparation of the service request which provides internet access to a given 
portion of the data base, the service request developer specifies which security profiles are 
permitted access to the data or a portion thereof. The service request developer can subsequently 
modify the accessibility of any security profile. The utility of the system is greatly enhanced by 
permitting the service request developer to provide access to predefined portions of the data, 
rather than being limited to permit or deny access to all of the data involved. 

Whereas the gateway and the security system are the minimum necessary to permit the 
most rudimentary form of communication between the internet terminal of the user and the 
proprietary data base management system, as explained above, the internet is a "stateless 11 
communication system; the addition of the gateway and the security system do not change this 
statelessness. To unleash the real power of the data base management system, the communication 
protocol between the data base and the user requires functional interaction between the various 
data transfers. 

The present invention adds state management to this environment. Instead of considering 
each transfer from the internet user coupled with the corresponding server response as an isolated 
transaction event as defined by the world wide web, one or more related service requests may be 
functionally associated in a service request sequence as defined by the data base management 
system into a dialog. 

A repository is established to store the state of the service request sequence. As such, the 
repository can store intermediate requests and responses, as well as other data associated with the 
service request sequence. Thus, the repository buffers commands, data, and intermediate 
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products utilized in formatting subsequent data base management service requests and in 
formatting subsequent HTML pages to be displayed to the user. 

The transaction data in HTML format received by the server from the user, along with the 
state information stored in the repository, are processed by a service handler into a sequence of 
service requests in the command language of the data base management system. Sequencing and 
control of the data base management system is via an administration module. 

Through the use of the repository to store the state of the service request sequence, the 
service handler to generate data base management command language, and the administration 
module , the world wide web user is capable of performing each and every data base management 
function available to any user, including a user from a proprietary terminal having a dedicated 
communication link which is co-located with the proprietary data base management system 
hardware and software. In addition, the data base management system user at the world wide 
web terminal is able to accomplish this in the HTML protocol, without extensive training 
concerning the command language of the data base management system. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Other objects of the present invention and many of the attendant advantages of the present 
invention will be readily appreciated as the same becomes better understood by reference to the 
following detailed description when considered in connection with the accompanying drawings, in 
which like reference numerals designate like parts throughout the figures thereof and wherein: 

FIG. 1 is pictographic view of the [Cool] COOL ICE system coupled between a user on 
the world wide web and an existing proprietary data base management system; 

Fig. 2 is a schematic drawing showing the operation of a multi-level security system in 
accordance with the preferred embodiment of the present invention; 

Fig. 3 is a pictographic view of the hardware of the preferred embodiment; 

Fig. 4 is a semi-schematic diagram of the operation of the [Cool] COOL ICE system; 

Fig. 5 is an overall schematic view of the software of the [Cool] COOL ICE system; 

Fig. 6 is a schematic view of a service request; 

Fig. 7 shows a schematic view of a service request sequence; 

Fig. 8 is a diagrammatic comparison between a dialog-based structure and a service-based 
structure; 

Fig. 9 is a detailed diagram of the storage and utilization of state information within the 
repository; 

Fig. 10 is a detailed diagram showing security profile verification during a service request; 
Fig. 11 is a schematic diagram showing access to a given data base using different security 
profiles; 
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Fig. 12 is a view of the initial [Cool] COOL ICE Administration window; and 
Fig. 13 is a view of the window providing for definition and modification of data access by 
security profile. 
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DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 



The present invention is described in accordance with several preferred embodiments 
which are to be viewed as illustrative without being limiting. These several preferred 
embodiments are based upon Series 2200 hardware and operating systems, the [Classic] 
CLASSIC MAPPER data base management system, and the [Cool] COOL ICE software 
components, all available from Unisys Corporation. 

Fig. 1 is an overall pictographic representation of a system 10 permitting access to a 
proprietary data base management system via an internet terminal. Existing data bases and 
applications 12 represents commercially available hardware and software systems which typically 
provide select users with access to proprietary data and data base management functions. In the 
preferred embodiment, existing data bases and applications 12 represents Series 2200 hardware 
and operating system containing one or more data bases prepared using [Classic] CLASSIC 
MAPPER data base management system, all available from Unisys Corporation. Historically, 
existing data bases and applications 12 could only be accessed from a dedicated, direct terminal 
link, either physically co-located with the other system elements or connected thereto via a 
secured dedicated telephonic, satellite, or fiber optic link. 

With the preferred mode of the present invention, communication between new web 
application terminal 14 and existing data bases and applications 12 is facilitated. As discussed 
above, this permits nearly universal access by users world wide without specialized hardware 
and/or user training. The user effects the access using standardized HTML transaction language 
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through world wide web link 16 to the [Cool] COOL ICE system 20, which serves as a world 
wide web server to world wide web link 16. 

[Cool] COOL ICE system 20 appears to existing data bases and applications 12 as a data 
base management system proprietary user terminal over dedicated link 18. Oftentimes, dedicated 
link 18 is an intranet or other localized network link. [Cool] COOL ICE system 20 is currently 
available in commercial form without the present invention as [Cool] COOL ICE Revision Level 
1.1 from Unisys Corporation. 
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Fig. 2 is a basic schematic diagram of security system 22 of the preferred mode of the 
present invention. By way of example, there are four categories of service defined, each with its 
own functionality and portion of the data base. Service A 36 contains data and functions which 
should only be made available to customers. Service B 38 contains data and functions which 
should only be made available to customers or employees. Service C 40 contains data and 
functions which should only be made available to employees, and Service D 42, containing the 
least restrictive data and functions may be made available to anyone, including the general public. 

In a typical application, Service D 42 might contain the general home page information of 
the enterprise. It will consist of only the most public of information. It is likely to include the 
name, address, e-mail address, and phone number of the enterprise, along with the most public of 
the business details. Usually, Service D 42 would include means of presenting the information in 
a sufficiently interesting way to entice the most casual of the public user to make further inquiry 
and thus become more involved with the objectives of the enterprise. Service D 42 represents the 
lowest level of security with data and functions available to all. 

Service C 40 is potentially the highest level of classification. It contains data and functions 
which can be made available only to employees. In actual practice, this might entail a number of 
sub levels corresponding to the various levels of authority of the various employees. However, 
some services may be so sensitive that the enterprise decides not to provide any access via the 
internet. This might include such things as strategic planning data and tools, advanced financial 
predictions, specific information regarding individual employees, marketing plans, etc. The 
penalty for this extreme security measure is that even authorized individuals are prohibited from 
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accessing these services via the internet, and they must take the trouble to achieve access via an 
old-fashioned dedicated link. 

Customers and employees may share access to Service B 38. Nevertheless, these data and 
functions are sufficiently sensitive that they are not made public. Service B 38 likely provides 
access to product specifications, delivery schedules and quantities, and pricing. 

For customer access only is Service A 36. One would expect marketing information, 
along with specific account information, to be available here. 

These four service levels (i.e., Service A 36, Service B 38, Service C 40, and Service D 
42) are regulated in accordance with three security profiles. The lowest level of security does not 
require a security profile, because any member of the general public may be granted access. This 
can be readily seen as guest category 28 (e.g., a member of the public) can directly access Service 
D 42. Of course, all other categories of user may also directly access Service D 42, because all 
members of the more restrictive categories (e.g., customers and employees) are also members of 
the general public (i.e., the least restrictive category). 

Security Profile #1, 30 permits access to Service A 36 if and only if the requestor seeking 
access is a customer and therefore a member of customer category 24. Members of customer 
category 24 need to identify themselves with a customer identification code in order to gain 
access. The assigning and processing of such identification codes are well known to those of skill 
in the art. 

Similarly, Security Profile #3, 34 permits access to Service C 40 if and only if the 
requestor seeking access is an employee and therefore a member of employee category 26. 
Security Profile #2, 32 permits access to Service B 38 to requestors from either customer 
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category 24 or employee category 26, upon receipt of a customer identification code or an 
employee identification code. A more detailed description of the security system of the preferred 
mode of the present invention is found below. 
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Fig. 3 is a pictorial diagram of hardware suite 44 of the preferred embodiment of the 
present invention. The client interfaces with the system via internet terminal 46. Preferably, 
internet terminal 46 is an industry compatible, personalized computer having a current version of 
the Windows operating system and suitable web browser, all being readily available commercial 
products. Internet terminal 46 communicates over world wide web access 48 using standardized 
HTML protocol. 

The [Cool] COOL ICE system is resident in web server 50, which is coupled to internet 
terminal 46 via world wide web access 48. In the preferred mode, web server 50 is owned and 
operated by the enterprise owning and controlling the proprietary data base management system. 
Web server 50 may serve as the internet access provider for internet terminal 46 wherein world 
wide web access 48 is typically a dial-up telephone line. This would ordinarily be the case if the 
shown client were an employee of the enterprise. On the other hand, web server 50 may be a 
remote server site on the internet if the shown client has a different internet access provider. This 
would ordinarily occur if the shown client were a customer or guest. 

In addition to being coupled to world wide web access 48, web server 50, containing the 
[Cool] COOL ICE system, is coupled to intranet 52 of the enterprise as shown. Intranet 52 
provides the enterprise with communication for its internal business purposes. This 
communication is administered and managed by enterprise server 54 having enterprise server 
storage facility 56. Thus, employees and others granted access may communicate via intranet 52 
within the physical security provided by the enterprise. Also coupled to intranet 52 is 
departmental server 58 having departmental server storage facility 60. Additional departmental 
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servers (not shown) may be coupled to intranet 52. The enterprise data and enterprise data base 
management service functionality typically resides within enterprise server 54, departmental server 
58, and any other departmental servers (not shown). Normal operation in accordance with the 
prior art would provide access to this data and data base management functionality via intranet 52 
5 to users directly coupled to intranet 52. 

In the preferred mode of the present invention, access to this data and data base 
management functionality is also provided to users (e.g., internet terminal 46) not directly coupled 
to intranet 52, but indirectly coupled to intranet 52 via web server 50. As explained below in 
more detail, web server 50 provides this access utilizing the [Cool] COOL ICE system resident in 
10 web server 50. 
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Fig. 4 is pictographic view of the system of Fig. 3 with particular detail showing the 
organization and operation of the [Cool] COOL ICE system 62, which is resident in the web 
server (see also Fig. 3). In this view, the client accesses the data base management system within 
the enterprise via internet terminal [54] 46 which is coupled to the web server 68 by world wide 
web path [66] 48. Again, the internet terminal [54] 46 is preferably an industry standard 
computer utilizing a commercially available web browser. 

The basic request/response format of the [Cool] COOL ICE system involves a "service" 
(defined in greater detail below) which is an object of the [Cool] COOL ICE system. The service 
is a predefined operation or related sequence of operations which provide the client with a desired 
static or dynamic result. The services are categorized by the language in which they were 
developed. Whereas all services are developed with client-side scripting which is compatible with 
internet terminal [54] 46 (e.g., HTML), the server-side scripting defines the service category. 
Native services utilize [Cool] COOL ICE script for all server-side scripting. On the other hand, 
open services may have server-side scripting in a variety of common commercial languages 
including Jscript, VBScript, ActiveX controls, and HTML. Because native services are developed 
in the [Cool] COOL ICE language, greater development flexibility and variety are available with 
this technique. 

Web server 68 provides open server processor 70 for Active Server Pages (ASP's) which 
have been developed as open services and Default ASP processor 72 for native services. After 
the appropriate decoding (i.e., native or open service), a call to the corresponding [Cool] COOL 
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ICE object 74 is initiated as shown. The selected object is processed by [Cool] COOL ICE 
engine 76. 

Repository [80] 106 is a storage resource for long term storage of the [Cool] COOL ICE 
objects and short term storage of the state of a particular service. Further details concerning 
repository [80] 106 may be found by consulting the above referenced, commonly-assigned, co- 
pending U.S. Patent Application. In the preferred mode of the present invention, the objects 
stored in repository [80] 106 are typically very similar to mapper runs as described above. For a 
more detailed description of mapper runs, [Classic] CLASSIC MAPPER User Manual is available 
from Unisys Corporation and incorporated herein by reference. In the more general case, 
repository [80] 106 would typically store predefined sequences of statements in the command 
language of the enterprise data base management system(s) to be accessed. 

[Cool] COOL ICE engine 76 sequences these previously stored command statements and 
uses them to communicate via intranet 84 with the data base management system(s) (e.g., 
[Classic] CLASSIC Mapper) resident on enterprise server [86] 54 and departmental server [88] 
58. The short term storage capability of repository [80] 106 is utilized by [Cool] COOL ICE 
engine 76 to store the state and intermediate products of each service until the processing 
sequence has been completed. Following completion, [Cool] COOL ICE engine 76 retrieves the 
intermediate products from repository [80] 106 and formats the output response to the client, 
which is transferred to internet terminal [54] 46 via web server 68 and world wide web path [66] 
48. 

[Cool] COOL ICE Administrator 82 is available for coordination of the operation of 
[Cool] COOL ICE system 62 and thus can resolve conflicts, set run-time priorities, deal with 
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security issues, and serve as a developmental resource. Graphing engine 78 is available to 
efficiently provide graphical representations of data to be a part of the response of a service. This 
tends to be a particularly useful utility, because many of the existing data base management 
systems have relatively sparse resources for graphical presentation of data. 

The combination of [Cool] COOL ICE engine 76 and repository [80] 106 permits a rather 
simplistic service request from internet terminal [54] 46 in dialog format to initiate a rather 
complex series of data base management system functions. In doing so, [Cool] COOL ICE 
engine 76 emulates an intranet user of the data base management system(s) resident on enterprise 
server [86] 54 and/or departmental server [88] 58. This emulation is only made possible, because 
repository 80 stores sequences of command language statements (i.e., the logic of the service 
request) and intermediate products (i.e., the state of the service request). It is these functions 
which are not available in ordinary dialog on the world wide web and are therefore not even 
defined in that environment. 
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Fig. 5 is a schematic diagram 90 of the software components of the [Cool] COOL ICE 
system and the software components to which it interfaces in the preferred mode of the present 
invention. The client user of the [Cool] COOL ICE system interfaces directly with web browser 
92 which is resident on internet terminal [54] 46 (see also Fig. 4). Web browser 92 is a 
commercially available browser operating under a current version of the Windows operating 
system (e.g., Windows 95). The only special requirement of web browser 92 is that it be capable 
of supporting frames. 

Web browser 92 communicates with web server software 96 via internet standard 
protocol using HTML language using world wide web path 94. Web server software 96 is also 
commercially available software, which is, of course, appropriate for to the web server host 
hardware configuration. In the preferred mode of the present invention, web server software 96 is 
hosted on a Series 2200 mainframe available from Unisys Corporation, from which web server 
software 96 is readily available. 

[Cool] COOL ICE system software 98 consists of [Cool] COOL ICE Gateway 100, 
[Cool] COOL ICE service handler 102, [Cool] COOL ICE administration 104, [Cool] COOL 
ICE repository 106, and [Cool] COOL ICE scripting 108. It is these five software modules which 
interface to web server software 96 in HTML using a dialog format and interface to data base 
management system interconnect 1 10 in the command language of the enterprise data base 
management system(s) (i.e., [Classic] CLASSIC MAPPER in the preferred mode of the present 
invention). 
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[Cool] COOL ICE gateway 100 is the interface between standard, commercially available, 
web server software 96 and the internal [Cool] COOL ICE system language and logic. As such, 
[Cool] COOL ICE gateway 100 translates the dialog format, incoming HTML service request 
into internal [Cool] COOL ICE language, and protocol. Intrinsic in this translation is a 
determination of the service category (see also Fig. 4) - that is whether the service request is a 
native service (i.e., with [Cool] COOL ICE server-side scripting) or an open service (i.e., with 
server-side scripting in another commercial language). 

The service request, received from [Cool] COOL ICE gateway 100, is utilized by [Cool] 
COOL ICE service handler 102 to request the corresponding object from [Cool] COOL ICE 
repository 106 and to open temporary state storage using [Cool] COOL ICE repository 106. 
[Cool] COOL ICE scripting 108 is called to translate the server-side scripting of an open service 
request as necessary. [Cool] COOL ICE service handler 102 sequences through the command 
language statements of the object received from [Cool] COOL ICE repository 106 and forwards 
each command in turn to data base management system software 1 14 for accessing of the 
enterprise proprietary data base management system. [Cool] COOL ICE service handler 102 
receives each of the intermediate products from data base management system software 114 and 
transfers each to [Cool] COOL ICE repository 106 for temporary storage until completion of the 
service request. [Cool] COOL ICE service handler 102 retrieves the intermediate products from 
[Cool] COOL ICE repository 106 upon completion of the service request and formulates the 
[Cool] COOL ICE response for transfer to browser 92 via web server software 96 and world wide 
web path 94. 
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[Cool] COOL ICE administration 104 implements automatic and manual control of the 
process. It provides for record keeping, for resolution of certain security issues, and for 
development of further [Cool] COOL ICE objects. Interconnect 1 10 and interconnect 1 12 are 
software interface modules for communicating over the enterprise intranet (see also Fig. 4). 
These modules are dependent upon the remaining proprietary hardware and software elements 
coupled to the enterprise intranet system. In the preferred mode of the present invention, these 
are commercially available from Unisys Corporation. 
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Fig, 6 is a schematic diagram 1 16 showing the processing of a service request by the 
[Cool] COOL ICE system. Screen 1 18 is the view as seen by the client or user at an internet 
terminal (see also Fig,. 4). This screen is produced by the commercially available browser 120 
selected by the user. Any such industry standard browser is suitable, if it has the capability to 
handle frames. The language of screen 1 18 is HTML 124. Hyperlinks 126 is used in locating the 
URL of the [Cool] COOL ICE resident server. The components of the URL are as follows. In 
many instances, this will simply be the internet access provider of the internet terminal, as when 
the internet terminal is owned by the enterprise and the user is an employee. However, when the 
user is not an employee and the internet terminal is not necessarily owned by the enterprise, it 
becomes more likely that hyperlinks 126 identifies a remotely located server. 

Icon 122 is a means of expressly identifying a particular service request. Such use of an 
icon is deemed to be unique. Additional detail concerning this use of an icon is available in the 
above identified, commonly assigned, co-pending U.S. Patent application. Window area 128 
provides for the entry of any necessary or helpful input parameters. Not shown are possible 
prompts for entry of this data, which may be defined at the time of service request development. 
Submit button provides the user with a convenient means to transmit the service request to the 
web server in which the [Cool] COOL ICE system is resident. 

Upon "clicking on" submit button 130, screen 1 18 is transmitted to web server 136 via 
world wide web path 132. As discussed above, world wide web path 132 may be a telephonic 
dial-up of web server 136 or it might be a long and complex path along the internet if web server 
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136 is remote from the originating internet terminal. Web server 136 is the software which 
performs the retrieval of screen 118 from world wide web path 132. 

Screen 118 is transferred from web server 136 to [Cool] COOL ICE gateway [138] 100 , 
wherein it is converted to the internal [Cool] COOL ICE protocol and language. A browser input 
5 file is opened at storage resource 146 via path 140, Thus the initial service request can be 

accessed from storage resource 146 during processing up until the final result is transferred back 
to the user. This access readily permits multi-step and iterative service request processing, even 
though the service request was transferred as a single internet dialog element. This storage 
technique also provides initially received input parameters to later steps in the processing of the 

10 service request. 

[Cool] COOL ICE gateway 138 notifies [Cool] COOL ICE service handler [156] 102 that 
a service request has been received and logged in. The service request itself is utilized by [Cool] 
COOL ICE service handler [156] 102 to retrieve a previously stored sequence of data base 
management system command statements from repository [166] 106. Thus, in the general case, a 

15 single service request will result in the execution of a number of ordered data base management 
system commands. The exact sequence of these commands is defined by the service request 
developer as explained in more detail below. 

Service input parameters 170 is prepared from the service request itself and from the 
command sequence stored in repository [166] 106 as shown by path 164. This list of input 

20 parameters is actually stored in a dedicated portion of repository [166] 106 awaiting processing of 
the service request. 
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Each command statement from repository [166] 106 identified with the service request is 
sequentially presented to [Cool] COOL ICE service 168 for processing via path 160. The 
corresponding input parameter from service input parameters 170 is coupled with each command 
statement via path 176 to produce an appropriate query of the enterprise data base management 
system at [Cool] COOL ICE service 168. After the enterprise data base management system has 
responded to a given query, the intermediate products are stored as entries in HTML document 
172 which is also stored in a dedicated portion of repository [166] 106 . 

After all command statements corresponding to the service request have been processed 
by the enterprise data base management system and HTML document 172 has been completed, 
the result is provided via path 156 to [Cool] COOL ICE service handler [156] 102 for temporary 
storage as a browser output file in storage resource 154 via path 152. [Cool] COOL ICE 
gateway [138] 100 receives the browser output file via path 148. The response is converted to 
HTML protocol and transferred by web server 136 and world wide web path 134 to be presented 
to the user as a modified screen (not shown). 
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Fig. 7 is a pictographic drawing 178 of the development process for creating a [Cool] 
COOL ICE service. HTML document 180 is created utilizing any commercially available standard 
HTML authoring tool (e.g., Microsoft FrontPage). The resulting HTML document 180 is stored 
5 as a normal .HTM file. This file will be utilized as a template of the service to be developed. 

The authoring process moves along path 182 to invoke the administration module of the 
[Cool] COOL ICE system at element 184. The new dynamic service is created using HTML 
document 180 stored as a normal .HTM file as a template. As HTML document 180 is imported 
into [Cool] COOL ICE, sequences of script for the beginning and end of the HTML code are 
10 automatically appended to the service. Required images, if any, are also uploaded onto the web 
server (see also Figs. 5 and 6). The service is edited by inserting additional [Cool] COOL ICE 
script, as required. A more detailed description of the editing process may be found in [Cool] 
COOL ICE User ! s Guide, Revision 1.1, available from Unisys Corporation and incorporated 
herein by reference. 

15 The completed service script is transferred along path 186 to element 188 for storage. 

The service is stored as an object in the repository (see also Figs. 5 and 6). Storage is effected 
within the appropriate category 190 as discussed above, along with services 192, 194, and 196 
within the same category. 

The process proceeds along path 198 to element 200 for testing. To perform the testing, 
20 the URL for the newly created service is entered into the browser of the internet terminal, if 
known. The typical URL is as follows: 

http ://machine-name/ICEGate/Category/Service 
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If the URL for the new service is not known, a list of the available services may be determined 
from the [Cool] COOL ICE system by specifying the [Cool] COOL ICE URL as follows: 

http; ://machine-name/ICEGate 
This call will result in a presentation of a menu containing the defined categories. Selecting a 
category from the list will result in a menu for the services defined within that category. The 
desired service can thus be selected for testing. Selection of the service by either means will result 
in presentation of the HTML page as shown at element 200. 

The process proceeds to element 204 via path 202, wherein the HTML page may be 
enhanced. This is accomplished by exporting the HTML document from the [Cool] COOL ICE 
administration module to a directory for modification. By proceeding back to HTML document 
180 [via path 208], the exported HTML template is available for modification using a standard 
HTML authoring tool. After satisfactory completion, the finished HTML document is saved for 
future use. 
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Fig. 8 is a diagram showing a comparison between dialog-based structure 210 and 
service-based structure 2 12. Dialog-based structure 210 is the norm for the typical existing 
proprietary data base management system (e.g., [Classic] CLASSIC MAPPER). The user, 
normally sitting at a dedicated user terminal, transfers output screen 214 to the data base 
management system to request a service. The user terminal and its normally dedicated link are 
suspended at element 216 to permit transfer and operation of the data base management system. 
The input is validated at element 218, while the user terminal and its normally dedicated link 
remains suspended. 

The data base management system processes the service request at element 220 while the 
user terminal remains suspended. Output occurs at element 222 thereby releasing the suspension 
of the user terminal. Thus, a true dialog is effected, because one part of the dialog pair (i.e., the 
user terminal) is suspended awaiting response from the data base management system. This type 
of dialog is best accomplished in an environment wherein at least the user terminal (or data base 
management system) is dedicated to the dialog, along with the link between user terminal and data 
base management system. 

Service-based structure 212 illustrates on of the basic constraints of the world wide web 
protocol. To ensure that each of the elements on the world wide web are sufficiently independent 
to prevent one element from unduly delaying or "hanging-up" another element to which it is 
coupled awaiting a response, the communication protocol forces a termination after each 
transmission. As can be readily seen, even the simplest dialog requires at least separate and 
independent transactions or services. The first service, Service 224, involves the transmissions of 
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output form 228 from the interact user terminal. This transmission is immediately arid 
automatically follo wed by ienriiriatiori 230 to ensure independence of the sender arid receiver. 

The secorid service, Service 226, enables the receiver of olitpUt font! 228 to process the 
feqliest arid oliiplii ari appropriate response. The validation of the iriplit at eleriierit 232, 
pfocessirig 234, arid output 236 all oecuf withiri the receiver of output fofrii 228. Immediately 
arid automatically, termination 238 follo ws. Thus, if internet transactions are to be linked into a 
true dialog fo penriit data base management furictioris, the state iriust be saved from orie service to 
the next as taught hefeiri. 

In the preferred iriode of the pfeserif invention, the state of a service is saved iri the 
repository (see also Figs. 4 arid 5) for Use iri the riext of sUbsequerit services. 
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Fig, 9 is a schematic diagram 240 of the preferred mode of the present invention showing 
normal data flow during operation, with special attention to the state saving feature. Work 
station 242 is an industry compatible personal computer operating under a commonly available 
operating system such as Windows 95. Browser [244] 92 is a standard, commercially available 
web browser having frames capability. Path 248 is the normal world wide web path between 
work station 242 and web server [254] 50 for the transfer of service requests and input data. 
These transfers are converted by [Cool] COOL ICE gateway [256] 100 as explained above and 
sent to [Cool] COOL ICE service handler [258] 102 via path 266 for disposition., 

The service request for data and/or another function is converted into the data base 
management language by reference to the service definition portion of repository [262] 106 
through reference along path 276. The actual command language of the data base management 
system is utilized over path 286 to access data base 264. The resultant data from data base 264 is 
transferred to [Cool] COOL ICE administrator [290] 104 via path 288. State manager 260 
determines whether the original service request requires additional queries to data base 264 for 
completion of the dialog. If yes, the resultant data just received from data base 264 is transferred 
via path 284 to repository [262] 106 for temporary storage, and the next query is initiated over 
path 286, and the process is repeated. This is the state saving pathway which is required to 
provide the user of the [Cool] COOL ICE system to function in a dialog form over the world 
wide web. 

Upon receipt of the resultant data from the final query of data base 264, state manager 
260 determines that the service request is now complete. State manager 260 notifies repository 
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[262] 106 via path 280, and the intermediate products are retrieved from temporary storage in 
repository [262] 106 via path 278 and supplied to [Cool] COOL ICE service handler [258] 102 
via path 272 for formatting. State manager 260 then clears the intermediate products from 
temporary storage in repository [262] 106 via path 282. The final response to the service request 
5 is sent to [Cool] COOL ICE gateway [256] 100 via path 270 for translation and to browser [244] 
92 via path 250. 
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Fig. 10 is a detailed diagram 300 showing operation of the security system during the 
honoring of a service request. The user, operating industry compatible, personalized computer, 
workstation 302, formats a service requests via commercially available web browser [304] 92. In 

5 the preferred mode of the present invention, this is accomplished by making a call to the [Cool] 
COOL ICE system. The user simply requests access to the [Cool] COOL ICE home page by 
transferring web browser [304] 92 to the URL of [Cool] COOL ICE system. After the [Cool] 
COOL ICE home page has been accessed, one of the buttons is clicked requesting a previously 
defined service request. For additional detail on the service request development process, see 

10 above and the above referenced commonly assigned, co-pending U.S. Patent Applications. 

The service request is transferred to web server 3 14 via world wide web path 306. The 
service request is received by [Cool] COOL ICE gateway [322] 100 and translated for use within 
the [Cool] COOL ICE system. The request is referred to service handler [332] 102 via path 324. 
In the preferred mode of practicing the present invention, service handler [332] 104 is basically 

15 equivalent to the [Classic] CLASSIC MAPPER data base management system. The service 

request is passed to [Cool] COOL ICE administration [344] 104 via path 334 for retrieval of the 
command language script which describes the activities required of the data base management 
system to respond to the service request. 

[Cool] COOL ICE administration [344] 104 makes an access request of [Cool] COOL 

20 ICE service portion 340 of repository [342] 106 via path 338. It is within [Cool] COOL ICE 
service portion 340 of repository [342] 106 that the command language script corresponding to 
the service request is stored. The command language script is obtained and transferred via path 
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336 to service handler [332] 102 for execution. Along with the command language script, a 
security profile, if any, is stored for the service request. As explained in the above referenced, 
commonly assigned, co-pending U.S. Patent Application, the security profile, if required, is added 
to the command language script file at the time of service request development by the service 

5 request developer. This security profile identifies which of the potential service requestors may 

actually be provided with a complete response. The security profile, if any, is similarly transferred 
to service handler [332] 102 via path 336. 

If no security profile has been identified for the service request, service handler [332] 102 
executes the command language script received via path 336 through access of remote database 

10 316 via paths 3 18 and 320, as required. The response is transferred to [Cool] COOL ICE 

gateway [322] 100 via path 328 for conversion and transfer to workstation 302 via world wide 
web path 310. 

However, if a security profile has been identified for the service request, service handler 
[322] 100 requests the user to provide a user-id via path 330, [Cool] COOL ICE gateway [322] 

15 100, and world wide web path 312. Service handler [332] 102 awaits a response via world wide 
web path 308, [Cool] COOL ICE gateway [322] 100, and path 326. Service handler [332] 102 
compares the user-id received to the security profile stored with the command language script. If 
the user matches the security profile, access is granted and service handler [322] 100 proceeds as 
described above. If the user does not match with the stored security profile, the service request is 

20 not executed and the user is notified via diagnostic message. 



Fig. 11 is a schematic diagram 350 showing access by users with different security profiles 
to different portions of the same data base 352. In this example, the user operating internet 
terminal 378 has a user-id which identifies the user as a manager within the human resources 
department of the subject enterprise. The human resources department is located at a facility of 
the enterprise which does not contain the hardware or software to be utilized in accessing the data 
base. Similarly, the user of internet terminal 382 is a manager within the accounts payable 
department of the enterprise who is located in yet another facility. The user of internet terminal 
380 is a receptionist at one of the manufacturing plants of the enterprise. 

Data base 352 is a data base prepared and maintained by the human resources department 
of the enterprise. As such, it contains information concerning employees of the enterprise having 
very different levels of sensitivity. Furthermore, access to some of the information concerning 
enterprise employees is regulated by federal and state law. 

By way of example and not to be viewed as limiting of the present invention, data base 
352 contains six (6) separate data tables. Phone #'s 354 is a data table having the telephone 
numbers of the employees of the enterprise. Entry 366 is a record containing the telephone 
number of a particular one of the employees of the enterprise. Authority 356 is a data table 
showing the dollar level of authority of each of the employees to commit the enterprise to 
financial obligations (e.g., purchasing). Record 368 is the dollar level of authority of a particular 
one of the employees of the enterprise. 

Compensation 358 is a data table showing the annual compensation levels of each of the 
employees of the enterprise. Entry 370 shows the current salary of a particular employee of the 
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enterprise. Supervisor 360 is a data table listing the immediate supervisor of each employee of the 
enterprise. Data table Comp. History 362 provides the compensation history of each employee 
during the period of employment at the enterprise. Entry 374 is record of the compensation 
history of a given employee. Job Title 364 is a data table listing the job title of each employee. 
The job title of a given employee is found in sample record 376. 

The user-id of the operator of internet terminal 378 identifies her as a management level 
employee within the human resources department. In that capacity, she is charged within the 
enterprise with the creation and maintenance of data base 352. Therefore, as schematically 
shown, her user-id is correlated with a security profile giving her access to all of the data within 
data base 352. Thus, she is permitted by the [Cool] COOL ICE system to read and modify any of 
the data within data base 352 via the world wide web. 

In the current example, internet terminal 380 is also coupled via the world wide web to 
data base 352. The user-id of the operator of internet terminal 380 identifies him as a receptionist 
within one of the manufacturing plants of the enterprise and provides him with a corresponding 
security profile. In this job position, it is unnecessary, unwise, and probably illegal to give him 
general access to all of the information within data base 352. However, the receptionist does 
have a need to access the telephone numbers of the employees of the enterprise as necessary to 
the performance of his job. In the preferred mode of the present invention, he is provided with 
access to only a single data table, Phone #'s 354, within data base 352. Because the preferred 
mode of the present invention can restrict his access to a single data table within data base 352, he 
is given appropriate, and only appropriate access, without the need to duplicate the information 
from Phone # f s 354 as a separate data base. Providing such duplication is not only wasteful, but it 



90 



presents extraordinary data base maintenance problems to ensure the duplicate copies of a given 
table remain consistent. 

Internet terminal 382 is operated by a management level employee within the accounts 
payable department. As part of her job, she is charged with the task of verifying that another 
employee requesting issuance of a check of the enterprise in payment of a debt of the enterprise, 
actually has been granted a dollar authority consistent with his request. Therefore, she has a need 
for access to the data table Authority 356. Record 368 of Authority 356 specifies the dollar level 
of authority of the requesting employee. 

However, the management level employee within the accounts payable department has no 
need for access to the remainder of the sensitive data within data base 352. Therefore, her user-id 
correlates with a security profile giving her access only to Authority 356 and no other data within 
data base 352. 
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Fig. 12 is a view of the highest level window 344 of [Cool] COOL ICE Administration 
(see also above). It is the [Cool] COOL ICE Administration module which is responsible for 
maintaining the security profiles of each service request and data element. [Cool] COOL ICE 
Administration window 344, as identified by title 346, is directly available from the [Cool] COOL 
ICE main menu. The [Cool] COOL ICE main menu is displayed in response to a transfer to the 
[Cool] COOL ICE URL (see also above). Security button 348 is provided for access to the 
security maintenance functions of the [Cool] COOL ICE Administration module. Clicking on 
security button 348 provides entry to the security maintenance functions. 
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Fig. 13 is a view of security maintenance main window 360, which is reached by clicking 
on security button 348 (see also above). Of course, access to security maintenance main window 
360 requires a user-id correlating with a security profile adequate to security profile maintenance. 
5 Title 362 identifies security maintenance main window 360. 

The user must access the security profile table of the service request and/or data base of 
interest using select button 378. In the present example, the manager from the human resources 
department is utilizing internet terminal 378 to maintain the view of the security definitions for 
data base 352 (see also Fig. 1 1). The interface hierarchy provides a list 386 of the tables within 
10 data base 352. Authority caption 388 is selected providing access to the security profiles for 
Authority 356 (see also Fig. 1 1). 

The security profiles currently corresponding to Authority 356 are displayed in the profile 
window. HR 380 shows that the human resources security profile is to be provided access to 
table Authority 356 of data base 352. Similarly, A. Payable 382 shows that the accounts payable 
15 manager previously identified as the user of internet terminal 382 is also to be provided access to 
Authority 356 of data base 352. Empty space 384 shows that no other security profiles are 
currently to be provided access to Authority 356. 

Button 368 enables an authorized user to add an additional security profile for access to 
Authority 356. Button 370 permits and authorized user to modify an existing security profile. 
20 Button 372 permits removal of a security profile. Button 374 establishes reinheritance. Button 
376 provides an authorized user with a report of the security profiles corresponding to a given 
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data table. Button 366 permits the user to save a new or modified security profile allocation. The 
remaining buttons are deemed to be self explanatory. 
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Having thus described the preferred embodiments of the present invention, those of skill 
the art will be readily able to adapt the teachings found herein to yet other embodiments within 
the scope of the claims hereto attached. 

WE CLAIM: 



95 



